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DETAILED ACTION 

1. Claims 1-20 are pending and have been examined. 

Specification 

2. The disclosure is objected to because of the following informalities: "OSI", 
"IPSec" (page 1), "RF", "MAC" (page 2). These terms have not been defined. 

> 

Appropriate correction is required. 

3. The use of the trademark "802.1 1" has been noted in this application. It should 
be capitalized wherever it appears and be accompanied by the generic terminology. 

Although the use of trademarks is permissible in patent applications, the 
proprietary nature of the marks should be respected and every effort made to prevent 
their use in any manner which might adversely affect their validity as trademarks. 

4. The disclosure is objected to because it contains an embedded hyperlink and/or 
other form of browser-executable code (page 3). Applicant is required to delete the 
embedded hyperlink and/or other form of browser-executable code. See MPEP § 
608.01. 

Claim Objections 

5. Claim 19 is objected to because of the following informalities: "based on the a 
impersonation". Appropriate correction is required. 

Claim Rejections - 35 USC § 112 

6. The following is a quotation of the first paragraph of 35 U.S.C. 1 12: 

The specification shall contain a written description of the invention, and of the manner and process of 
making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the 
art to which it pertains, or with which it is most nearly connected, to make and use the same and shall 
set forth the best mode contemplated by the inventor of carrying out his invention. 
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7. Claims 15 and 20 are rejected under 35 U.S.C. 112, first paragraph, as failing to 
comply with the written description requirement. The claim(s) contains subject matter 
which was not described in the specification in such a way as to reasonably convey to 
one skilled in the relevant art that the inventor(s), at the time the application was filed, 
had possession of the claimed invention. The disclosure is directed to a IEEE 802.11- 
type network. 

Claim Rejections - 35 USC § 102 

8. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in a patent granted on an application for patent by another filed in the 
United States before the invention thereof by the applicant for patent, or on an international application 
by another who has fulfilled the requirements of paragraphs (1), (2), and (4) of section 371(c) of this 
title before the invention thereof by the applicant for patent. 

The changes made to 35 U.S.C. 102(e) by the American Inventors Protection Act 
of 1999 (AIPA) and the Intellectual Property and High Technology Technical 
Amendments Act of 2002 do not apply when the reference is a U.S. patent resulting 
directly or indirectly from an international application filed before November 29, 2000. 

» 

Therefore, the prior art date of the reference is determined under 35 U.S.C. 1 02(e) prior 
to the amendment by the AIPA (pre-AlPA 35 U.S.C. 102(e)). 

9. Claims 1-20 are rejected under 35 U.S.C. 102(e) as being anticipated by 
Thomsen (US Patent 6,745,333). 

Regarding claim 1, Thomsen teaches 
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a method for detecting impersonation based attacks at a wireless node of 
a wireless communication network (abstract), comprising the steps of: 

a) providing an intrusion detection module with a copy of original data 
frames transmitted by the wireless node over a wireless interface (col. 
12, lines 33-67); 

b) detecting at the intrusion detection module incoming data frames 
received over the wireless interface (col. 12, lines 50-67, col. 13, lines 
1-28); and 

c) recognizing an impersonating attack when the information in the copy 
differs from the information in the incoming data frames (col. 10, lines 
50-67, col. 11, lines 1-33). 

Regarding claim 10, Thomsen teaches 

an impersonation detection system for a wireless node of a wireless 
communication network, the node for transmitting original data frames 
over a wireless interface (abstract) comprising: 
. - an intrusion detection module for correlating the original data frames with 
incoming data frames received over the air interface (col. 12, lines 33- 
67); and 

connection means between the wireless node and the intrusion detection 
module for providing the intrusion detection module with' a copy of the 
original data frames (col. 12, lines 50-67, col. 13, lines 1-28). 
Regarding claim 17, Thomsen teaches 
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a wireless node for a wireless network (abstract) comprising: 
means for transmitting outgoing data frames over a wireless interface 
(col. 12, lines 33-67); 

an intrusion detection module for correlating the outgoing data frames 
with incoming data frames received from the air interface (col. 12, lines 
50-67, col. 13, lines 1-28); and 

a secure link between the wireless node and the intrusion detection 

■ 

module for providing the intrusion detection module with a copy of the 
outgoing data frames (col. 10, lines 50-67, col. 11, lines 1-33). 

Regarding claim 2, Thomsen teaches wherein step a) comprises transmitting 
the copy over a secure link established between the wireless node and the intrusion 
detection module (col. 1, lines 50-67). 

Regarding claim 3, Thomsen teaches wherein the copy comprises only 
management frames (col. 11, lines 50-67, col. 12, lines 1-18). 

Regarding claim 4, Thomsen teaches wherein the copy includes a summary of 
the outgoing data frames (col. 12, lines 33-67). 

Regarding claim 5, Thomsen teaches wherein the summary of the outgoing 
data frames comprises frames that allow statistical comparisons (col. 12, lines 50-67). 

Regarding claim 6, Thomsen teaches wherein the summary comprises the 
number of the outgoing data frames transmitted over a time interval (col. 12, lines 33- 
67). 
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Regarding claim 7, Thomsen teaches wherein the summary comprises the 
types of the original data frames (col. 11, lines 50-67, col. 12, lines 33-67). 

Regarding claim 8, Thomsen teaches wherein step b) comprises monitoring all 
wireless channels allocated to the wireless node and extracting the incoming data 
frames received over all the wireless channels (col. 15, lines 30-67). 

Regarding claim 9, Thomsen teaches wherein step c) comprises: correlating the 
original data frames with the incoming data frames for detecting an inconsistency 
between the frames; and upon detection of the inconsistency, further processing the 
received data frames for qualifying the impersonating attack (col. 10, lines 50-67, col. 
11, lines 1-33). 

Regarding claim 11, Thomsen teaches wherein the intrusion detection module 
comprises: a first receiving unit for receiving the copy; an antenna for capturing the 
incoming traffic received on all transmission channels allocated to the wireless node; a 
second receiving unit for detecting the incoming data frames from the incoming traffic; 
and a data processing unit for correlating the copy with the incoming data frames and 
generating a impersonation detection signal (col. 9, lines 1-15, col. 12, lines 50-67, 
col. 13, lines 1-28). 

Regarding claim 12, Thomsen teaches wherein the intrusion detection module 
further comprises means for qualifying an intrusion attack based on the impersonation 
detected signal (col. 10, lines 50-67, col. 11, lines 1-33). 

Regarding claim 13, Thomsen teaches wherein the connection means 
comprises, when the intrusion detection module resides away from the wireless node: a 
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transmitting unit on the wireless node, for transmitting the copy to the intrusion detection 
module; a secure link for connecting the wireless node with the intrusion detection 
module; and a receiving unit on the intrusion detection module for receiving the copy 
(col. 15, lines 30-67). 

Regarding claim 14, Thomsen teaches wherein the secure link operates 
according to a communication protocol (col. 1, lines 50-67). 

Regarding claim 16, Thomsen teaches wherein the secure link is established as 
inter-processes communication, when the intrusion detection module is integrated within 
the wireless node (col. 8, lines 18-50). 

Regarding claim 18, Thomsen teaches wherein the intrusion detection module 
comprises: a first receiving unit for receiving the copy of the outgoing data frames; an 

» 

antenna for capturing the incoming traffic carried on all transmission channels allocated 
to the wireless node; a second receiving unit for detecting the incoming data frames 
from the incoming traffic; and a data processing unit for correlating the copy of the 
outgoing data frames with the incoming data frames and generating an impersonation 
detected signal (col. 10, lines 50-67, col. 11, lines 1-33). 

Regarding claim 19, Thomsen teaches wherein the intrusion detection module 
further comprises means for qualifying an intrusion attack based on the a impersonation 
detected signal (col. 10, lines 50-67, col. 11, lines 1-33). 

Regarding claims 15 and 20, Thomsen teaches wherein the wireless network 
operates according to any wireless network technology (abstract). 
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Conclusion 



10. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to David G. Cervetti whose telephone number is (571)272- 
5861. The examiner can normally be reached on Monday-Tuesday and Thursday- 
Friday. 

11. If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Nasser Moazzami can be reached on (571)272-4195. The fax phone 
number for the organization where this application or proceeding is assigned is 571- 
273-8300. 

12. Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 
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